GB2517483B - Detecting file encrypting malware - Google Patents

Detecting file encrypting malware

Info

Publication number
GB2517483B
Authority
GB
United Kingdom
Prior art keywords
file encrypting
detecting file
malware
encrypting malware
detecting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
GB1315049.5A
Other versions
GB2517483A (en)
GB201315049D0 (en)
Inventor
Marko Thure
Mikko Suominen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
F Secure Corp
Original Assignee
F Secure Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by F Secure Corp
Priority to GB1315049.5A
Publication of GB201315049D0
Publication of GB2517483A
Application granted
Publication of GB2517483B
Application status is Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/565 Static detection by checking file integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/12 Fraud detection or prevention
    • H04W12/1208 Anti-malware arrangements, e.g. protecting against SMS fraud or mobile malware
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2127 Bluffing
GB1315049.5A 2013-08-22 2013-08-22 Detecting file encrypting malware Active GB2517483B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1315049.5A GB2517483B (en) 2013-08-22 2013-08-22 Detecting file encrypting malware

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1315049.5A GB2517483B (en) 2013-08-22 2013-08-22 Detecting file encrypting malware
US14/462,638 US9292687B2 (en) 2013-08-22 2014-08-19 Detecting file encrypting malware

Publications (3)

Publication Number Publication Date
GB201315049D0 GB201315049D0 (en) 2013-10-02
GB2517483A GB2517483A (en) 2015-02-25
GB2517483B GB2517483B (en) 2015-07-22

Family

ID=49302082

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1315049.5A Active GB2517483B (en) 2013-08-22 2013-08-22 Detecting file encrypting malware

Country Status (2)

Country Link
US (1) US9292687B2 (en)
GB (1) GB2517483B (en)

Families Citing this family (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2622630C2 (en) * 2015-06-05 2017-06-16 Закрытое акционерное общество "Лаборатория Касперского" System and method of modified data recovery
US9600682B2 (en) * 2015-06-08 2017-03-21 Accenture Global Services Limited Mapping process changes
US10176438B2 (en) 2015-06-19 2019-01-08 Arizona Board Of Regents On Behalf Of Arizona State University Systems and methods for data driven malware task identification
US20170034189A1 (en) * 2015-07-31 2017-02-02 Trend Micro Incorporated Remediating ransomware
US20190228153A1 (en) * 2015-09-23 2019-07-25 University Of Florida Research Foundation, Incorporated Malware detection via data transformation monitoring
US20170091453A1 (en) * 2015-09-25 2017-03-30 Mcafee, Inc. Enforcement of file characteristics
EP3151147B1 (en) 2015-09-30 2017-12-13 AO Kaspersky Lab System and method for detection of malicious data encryption programs
RU2617631C2 (en) * 2015-09-30 2017-04-25 Акционерное общество "Лаборатория Касперского" Method for detection working malicious software runned from client, on server
US20170223031A1 (en) * 2016-02-01 2017-08-03 Symantec Corporation Systems and methods for modifying file backups in response to detecting potential ransomware
BR112018070251A2 (en) * 2016-04-01 2019-01-29 Telefonica Digital Espana Slu method and system for protecting a computer archive from possible encryption by malicious code
US9888032B2 (en) * 2016-05-03 2018-02-06 Check Point Software Technologies Ltd. Method and system for mitigating the effects of ransomware
US20180018458A1 (en) * 2016-07-14 2018-01-18 Mcafee, Inc. Mitigation of ransomware
US9756061B1 (en) * 2016-11-18 2017-09-05 Extrahop Networks, Inc. Detecting attacks using passive network monitoring
CN106611123A (en) * 2016-12-02 2017-05-03 哈尔滨安天科技股份有限公司 Method and system for detecting 'Harm. Extortioner. a' virus
US20180157834A1 (en) * 2016-12-02 2018-06-07 Politecnico Di Milano Protection system and method for protecting a computer system against ransomware attacks
CN106845222A (en) * 2016-12-02 2017-06-13 哈尔滨安天科技股份有限公司 A kind of detection method and system of blackmailer's virus
US10121003B1 (en) * 2016-12-20 2018-11-06 Amazon Technologies, Inc. Detection of malware, such as ransomware
CN106803038A (en) * 2016-12-28 2017-06-06 北京安天网络安全技术有限公司 A kind of method and system of detection PowerShell malicious codes
US10169586B2 (en) 2016-12-31 2019-01-01 Fortinet, Inc. Ransomware detection and damage mitigation
US10289844B2 (en) 2017-01-19 2019-05-14 International Business Machines Corporation Protecting backup files from malware
US9734337B1 (en) * 2017-01-24 2017-08-15 Malwarebytes Inc. Behavior-based ransomware detection
US10248577B2 (en) 2017-04-07 2019-04-02 International Business Machines Corporation Using a characteristic of a process input/output (I/O) activity and data subject to the I/O activity to determine whether the process is a suspicious process
US10282543B2 (en) 2017-05-03 2019-05-07 International Business Machines Corporation Determining whether to destage write data in cache to storage based on whether the write data has malicious data
US10445497B2 (en) 2017-05-03 2019-10-15 International Business Machines Corporation Offloading processing of writes to determine malicious data from a first storage system to a second storage system
KR101973858B1 (en) * 2017-06-26 2019-04-29 엄희정 The Apparatus And Method For Detecting A Ransomware
US10530788B1 (en) * 2017-11-01 2020-01-07 Trend Micro Incorporated Detection and prevention of malicious remote file operations
KR101970993B1 (en) * 2017-11-29 2019-04-23 주식회사 더볼터 Method internal defensing of solid state drive against ransomeware without data loss and ransomeware detec system
FR3077149A1 (en) * 2018-01-19 2019-07-26 Inria Institut National De Recherche En Informatique Et En Automatique Method and device for detecting encryption, in particular for anti-virus ranconneur.

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1679631A2 (en) * 2004-12-21 2006-07-12 Microsoft Corporation Method and system for a self-healing device
US8352522B1 (en) * 2010-09-01 2013-01-08 Trend Micro Incorporated Detection of file modifications performed by malicious codes
EP2570955A1 (en) * 2011-09-13 2013-03-20 F-Secure Corporation Restoration of file damage caused by malware

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8359650B2 (en) * 2002-10-01 2013-01-22 Skybox Secutiry Inc. System, method and computer readable medium for evaluating potential attacks of worms
US7644441B2 (en) * 2003-09-26 2010-01-05 Cigital, Inc. Methods for identifying malicious software
US20070152854A1 (en) * 2005-12-29 2007-07-05 Drew Copley Forgery detection using entropy modeling
US8918874B2 (en) * 2010-05-25 2014-12-23 F-Secure Corporation Malware scanning
KR20120096983A (en) * 2011-02-24 2012-09-03 삼성전자주식회사 Malware detection method and mobile terminal therefor
US8726388B2 (en) * 2011-05-16 2014-05-13 F-Secure Corporation Look ahead malware scanning
US8973135B2 (en) * 2011-09-29 2015-03-03 Microsoft Technology Licensing, Llc Selectively scanning objects for infection by malware
US8533835B2 (en) * 2011-12-14 2013-09-10 Mcafee, Inc. Method and system for rapid signature search over encrypted content
US8990932B2 (en) * 2012-06-28 2015-03-24 Secureage Technology, Inc. System and method for prevention of malware attacks on data

Also Published As

Publication number Publication date
US9292687B2 (en) 2016-03-22
GB201315049D0 (en) 2013-10-02
US20150058987A1 (en) 2015-02-26
GB2517483A (en) 2015-02-25
